Module 2: Targeting CPS
2.01 Targeting HMI
- HMI role in the ICS network
- HMI vulnerabilities
- Exploiting HMI vulnerabilities (Metasploit)
- Hands-on lab: YARA rule creation
2.02 Targeting Engineering Workstation (EWS)
- EWS security challenges and vulnerabilities
- Hands-on lab: Configuration file manipulation
2.03 Targeting PLC
- Ladder Programming
- Digital Logic functions
- Fail-safe design
- Input, output, and memory addressing (IEC 61131-3)
- OpenPLC intro
- MODBUS addressing
- PLC memory / I/O
- Hands-on lab: Ladder programming
2.04 Targeting ICS/CPS Communication Protocols
- Commonly used ICS Protocols
- MODBUS overview
- MODBUS sample architecture
- MODBUS data representation
- CIP/ENIP protocol introduction
- CIP modes and addressing
- CIP Communication
- Hands-on lab: CIP/MODBUS sniffing and replay attacks
2.05 Summary & Review: Targeting ICS Process
- Putting it together: ICS kill-chain
- Hands-on lab: Man-in-the-middle attack using an Arduino Uno